active_accountability_merchant 1.97.1

data/lib/active_merchant/billing/gateways/sage.rb

@@ -0,0 +1,448 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class SageGateway < Gateway
+      include Empty
+
+      self.display_name = 'http://www.sagepayments.com'
+      self.homepage_url = 'Sage Payment Solutions'
+      self.live_url = 'https://www.sagepayments.net/cgi-bin'
+
+      self.supported_countries =  ['US', 'CA']
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :diners_club]
+
+      TRANSACTIONS = {
+        :purchase           => '01',
+        :authorization      => '02',
+        :capture            => '11',
+        :void               => '04',
+        :credit             => '06',
+        :refund             => '10'
+      }
+
+      SOURCE_CARD   = 'bankcard'
+      SOURCE_ECHECK =  'virtual_check'
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      def authorize(money, credit_card, options = {})
+        post = {}
+        add_credit_card(post, credit_card)
+        add_transaction_data(post, money, options)
+        commit(:authorization, post, SOURCE_CARD)
+      end
+
+      def purchase(money, payment_method, options = {})
+        post = {}
+        if card_brand(payment_method) == 'check'
+          source = SOURCE_ECHECK
+          add_check(post, payment_method)
+          add_check_customer_data(post, options)
+        else
+          source = SOURCE_CARD
+          add_credit_card(post, payment_method)
+        end
+        add_transaction_data(post, money, options)
+        commit(:purchase, post, source)
+      end
+
+      # The +money+ amount is not used. The entire amount of the
+      # initial authorization will be captured.
+      def capture(money, reference, options = {})
+        post = {}
+        add_reference(post, reference)
+        commit(:capture, post, SOURCE_CARD)
+      end
+
+      def void(reference, options = {})
+        post = {}
+        add_reference(post, reference)
+        source = reference.split(';').last
+        commit(:void, post, source)
+      end
+
+      def credit(money, payment_method, options = {})
+        post = {}
+        if card_brand(payment_method) == 'check'
+          source = SOURCE_ECHECK
+          add_check(post, payment_method)
+          add_check_customer_data(post, options)
+        else
+          source = SOURCE_CARD
+          add_credit_card(post, payment_method)
+        end
+        add_transaction_data(post, money, options)
+        commit(:credit, post, source)
+      end
+
+      def refund(money, reference, options={})
+        post = {}
+        add_reference(post, reference)
+        add_transaction_data(post, money, options)
+        commit(:refund, post, SOURCE_CARD)
+      end
+
+      def store(credit_card, options = {})
+        vault.store(credit_card, options)
+      end
+
+      def unstore(identification, options = {})
+        vault.unstore(identification, options)
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        force_utf8(transcript).
+          gsub(%r((M_id=)[^&]*), '\1[FILTERED]').
+          gsub(%r((M_key=)[^&]*), '\1[FILTERED]').
+          gsub(%r((C_cardnumber=)[^&]*), '\1[FILTERED]').
+          gsub(%r((C_cvv=)[^&]*), '\1[FILTERED]').
+          gsub(%r((C_rte=)[^&]*), '\1[FILTERED]').
+          gsub(%r((C_acct=)[^&]*), '\1[FILTERED]').
+          gsub(%r((C_ssn=)[^&]*), '\1[FILTERED]').
+          gsub(%r((<ns1:CARDNUMBER>).+(</ns1:CARDNUMBER>)), '\1[FILTERED]\2').
+          gsub(%r((<ns1:M_ID>).+(</ns1:M_ID>)), '\1[FILTERED]\2').
+          gsub(%r((<ns1:M_KEY>).+(</ns1:M_KEY>)), '\1[FILTERED]\2')
+      end
+
+      private
+
+      # use the same method as in pay_conex
+      def force_utf8(string)
+        return nil unless string
+        binary = string.encode('BINARY', invalid: :replace, undef: :replace, replace: '?')   # Needed for Ruby 2.0 since #encode is a no-op if the string is already UTF-8. It's not needed for Ruby 2.1 and up since it's not a no-op there.
+        binary.encode('UTF-8', invalid: :replace, undef: :replace, replace: '?')
+      end
+
+      def add_credit_card(post, credit_card)
+        post[:C_name]       = credit_card.name
+        post[:C_cardnumber] = credit_card.number
+        post[:C_exp]        = expdate(credit_card)
+        post[:C_cvv]        = credit_card.verification_value if credit_card.verification_value?
+      end
+
+      def add_check(post, check)
+        post[:C_first_name]   = check.first_name
+        post[:C_last_name]    = check.last_name
+        post[:C_rte]          = check.routing_number
+        post[:C_acct]         = check.account_number
+        post[:C_check_number] = check.number
+        post[:C_acct_type]    = account_type(check)
+      end
+
+      def add_check_customer_data(post, options)
+        # Required  Customer Type – (NACHA Transaction Class)
+        # CCD for Commercial, Merchant Initiated
+        # PPD for Personal, Merchant Initiated
+        # WEB for Internet, Consumer Initiated
+        # RCK for Returned Checks
+        # ARC for Account Receivable Entry
+        # TEL for TelephoneInitiated
+        post[:C_customer_type] = 'WEB'
+
+        # Optional  10  Digit Originator  ID – Assigned  By for  each transaction  class  or  business  purpose. If  not provided, the default Originator ID for the specific  Customer Type will be applied. 
+        post[:C_originator_id] = options[:originator_id]
+
+        # Optional  Transaction Addenda
+        post[:T_addenda] = options[:addenda]
+
+        # Required  Check  Writer  Social  Security  Number  (  Numbers Only, No Dashes ) 
+        post[:C_ssn] = options[:ssn].to_s.gsub(/[^\d]/, '')
+
+        post[:C_dl_state_code] = options[:drivers_license_state]
+        post[:C_dl_number]     = options[:drivers_license_number]
+        post[:C_dob]           = format_birth_date(options[:date_of_birth])
+      end
+
+      def format_birth_date(date)
+        date.respond_to?(:strftime) ? date.strftime('%m/%d/%Y') : date
+      end
+
+      # DDA for Checking
+      # SAV for Savings 
+      def account_type(check)
+        case check.account_type
+        when 'checking' then 'DDA'
+        when 'savings'  then 'SAV'
+        else raise ArgumentError, "Unknown account type #{check.account_type}"
+        end
+      end
+
+      def parse(data, source)
+        source == SOURCE_ECHECK ? parse_check(data) : parse_credit_card(data)
+      end
+
+      def parse_check(data)
+        response = {}
+        response[:success]          = data[1, 1]
+        response[:code]             = data[2, 6].strip
+        response[:message]          = data[8, 32].strip
+        response[:risk]             = data[40, 2]
+        response[:reference]        = data[42, 10]
+
+        extra_data = data[53...-1].split("\034")
+        response[:order_number] = extra_data[0]
+        response[:authentication_indicator] = extra_data[1]
+        response[:authentication_disclosure] = extra_data[2]
+        response
+      end
+
+      def parse_credit_card(data)
+        response = {}
+        response[:success]          = data[1, 1]
+        response[:code]             = data[2, 6]
+        response[:message]          = data[8, 32].strip
+        response[:front_end]        = data[40, 2]
+        response[:cvv_result]       = data[42, 1]
+        response[:avs_result]       = data[43, 1].strip
+        response[:risk]             = data[44, 2]
+        response[:reference]        = data[46, 10]
+
+        response[:order_number], response[:recurring] = data[57...-1].split("\034")
+        response
+      end
+
+      def add_invoice(post, options)
+        post[:T_ordernum] = (options[:order_id] || generate_unique_id).slice(0, 20)
+        post[:T_tax] = amount(options[:tax]) unless empty?(options[:tax])
+        post[:T_shipping] = amount(options[:shipping]) unless empty?(options[:shipping])
+      end
+
+      def add_reference(post, reference)
+        ref, _ = reference.to_s.split(';')
+        post[:T_reference] = ref
+      end
+
+      def add_amount(post, money)
+        post[:T_amt] = amount(money)
+      end
+
+      def add_customer_data(post, options)
+        post[:T_customer_number] = options[:customer] if Float(options[:customer]) rescue nil
+      end
+
+      def add_addresses(post, options)
+        billing_address   = options[:billing_address] || options[:address] || {}
+
+        post[:C_address]    = billing_address[:address1]
+        post[:C_city]       = billing_address[:city]
+        post[:C_state]      = empty?(billing_address[:state]) ? 'Outside of US' : billing_address[:state]
+        post[:C_zip]        = billing_address[:zip]
+        post[:C_country]    = billing_address[:country]
+        post[:C_telephone]  = billing_address[:phone]
+        post[:C_fax]        = billing_address[:fax]
+        post[:C_email]      = options[:email]
+
+        if shipping_address = options[:shipping_address]
+          post[:C_ship_name]    = shipping_address[:name]
+          post[:C_ship_address] = shipping_address[:address1]
+          post[:C_ship_city]    = shipping_address[:city]
+          post[:C_ship_state]   = shipping_address[:state]
+          post[:C_ship_zip]     = shipping_address[:zip]
+          post[:C_ship_country] = shipping_address[:country]
+        end
+      end
+
+      def add_transaction_data(post, money, options)
+        add_amount(post, money)
+        add_invoice(post, options)
+        add_addresses(post, options)
+        add_customer_data(post, options)
+      end
+
+      def commit(action, params, source)
+        url = url(params, source)
+        response = parse(ssl_post(url, post_data(action, params)), source)
+
+        Response.new(success?(response), response[:message], response,
+          :test => test?,
+          :authorization => authorization_from(response, source),
+          :avs_result => { :code => response[:avs_result] },
+          :cvv_result => response[:cvv_result]
+        )
+      end
+
+      def url(params, source)
+        if source == SOURCE_ECHECK
+          "#{live_url}/eftVirtualCheck.dll?transaction"
+        else
+          "#{live_url}/eftBankcard.dll?transaction"
+        end
+      end
+
+      def authorization_from(response, source)
+        "#{response[:reference]};#{source}"
+      end
+
+      def success?(response)
+        response[:success] == 'A'
+      end
+
+      def post_data(action, params = {})
+        params[:M_id]  = @options[:login]
+        params[:M_key] = @options[:password]
+        params[:T_code] = TRANSACTIONS[action]
+
+        params.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      def vault
+        @vault ||= SageVault.new(@options, self)
+      end
+
+      class SageVault
+
+        def initialize(options, gateway)
+          @live_url = 'https://www.sagepayments.net/web_services/wsVault/wsVault.asmx'
+          @options = options
+          @gateway = gateway
+        end
+
+        def store(credit_card, options = {})
+          request = build_store_request(credit_card, options)
+          commit(:store, request)
+        end
+
+        def unstore(identification, options = {})
+          request = build_unstore_request(identification, options)
+          commit(:unstore, request)
+        end
+
+        private
+
+        # A valid request example, since the Sage docs have none:
+        #
+        # <?xml version="1.0" encoding="UTF-8" ?>
+        # <SOAP-ENV:Envelope
+        #   xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
+        #   xmlns:ns1="https://www.sagepayments.net/web_services/wsVault/wsVault">
+        #   <SOAP-ENV:Body>
+        #     <ns1:INSERT_CREDIT_CARD_DATA>
+        #       <ns1:M_ID>279277516172</ns1:M_ID>
+        #       <ns1:M_KEY>O3I8G2H8V6A3</ns1:M_KEY>
+        #       <ns1:CARDNUMBER>4111111111111111</ns1:CARDNUMBER>
+        #       <ns1:EXPIRATION_DATE>0915</ns1:EXPIRATION_DATE>
+        #     </ns1:INSERT_CREDIT_CARD_DATA>
+        #   </SOAP-ENV:Body>
+        # </SOAP-ENV:Envelope>
+        def build_store_request(credit_card, options)
+          xml = Builder::XmlMarkup.new
+          add_credit_card(xml, credit_card, options)
+          xml.target!
+        end
+
+        def build_unstore_request(identification, options)
+          xml = Builder::XmlMarkup.new
+          add_identification(xml, identification, options)
+          xml.target!
+        end
+
+        def add_customer_data(xml)
+          xml.tag! 'ns1:M_ID', @options[:login]
+          xml.tag! 'ns1:M_KEY', @options[:password]
+        end
+
+        def add_credit_card(xml, credit_card, options)
+          xml.tag! 'ns1:CARDNUMBER', credit_card.number
+          xml.tag! 'ns1:EXPIRATION_DATE', exp_date(credit_card)
+        end
+
+        def add_identification(xml, identification, options)
+          xml.tag! 'ns1:GUID', identification
+        end
+
+        def exp_date(credit_card)
+          year  = sprintf('%.4i', credit_card.year)
+          month = sprintf('%.2i', credit_card.month)
+
+          "#{month}#{year[-2..-1]}"
+        end
+
+        def commit(action, request)
+          response = parse(
+            @gateway.ssl_post(
+              @live_url,
+              build_soap_request(action, request),
+              build_headers(action)
+            )
+          )
+
+          case action
+          when :store
+            success = response[:success] == 'true'
+            message = response[:message].downcase.capitalize if response[:message]
+          when :unstore
+            success = response[:delete_data_result] == 'true'
+            message = success ? 'Succeeded' : 'Failed'
+          end
+
+          Response.new(success, message, response,
+            authorization: response[:guid]
+          )
+        end
+
+        ENVELOPE_NAMESPACES = {
+          'xmlns:SOAP-ENV' => 'http://schemas.xmlsoap.org/soap/envelope/',
+          'xmlns:ns1' => 'https://www.sagepayments.net/web_services/wsVault/wsVault'
+        }
+
+        ACTION_ELEMENTS = {
+          store: 'INSERT_CREDIT_CARD_DATA',
+          unstore: 'DELETE_DATA'
+        }
+
+        def build_soap_request(action, body)
+          xml = Builder::XmlMarkup.new
+
+          xml.instruct!
+          xml.tag! 'SOAP-ENV:Envelope', ENVELOPE_NAMESPACES do
+            xml.tag! 'SOAP-ENV:Body' do
+              xml.tag! "ns1:#{ACTION_ELEMENTS[action]}" do
+                add_customer_data(xml)
+                xml << body
+              end
+            end
+          end
+          xml.target!
+        end
+
+        SOAP_ACTIONS = {
+          store: 'https://www.sagepayments.net/web_services/wsVault/wsVault/INSERT_CREDIT_CARD_DATA',
+          unstore: 'https://www.sagepayments.net/web_services/wsVault/wsVault/DELETE_DATA'
+        }
+
+        def build_headers(action)
+          {
+            'SOAPAction' => SOAP_ACTIONS[action],
+            'Content-Type' => 'text/xml; charset=utf-8'
+          }
+        end
+
+        def parse(body)
+          response = {}
+          hashify_xml!(body, response)
+          response
+        end
+
+        def hashify_xml!(xml, response)
+          xml = REXML::Document.new(xml)
+
+          # Store
+          xml.elements.each('//Table1/*') do |node|
+            response[node.name.underscore.to_sym] = node.text
+          end
+
+          # Unstore
+          xml.elements.each('//DELETE_DATAResponse/*') do |node|
+            response[node.name.underscore.to_sym] = node.text
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/sage_pay.rb

@@ -0,0 +1,434 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class SagePayGateway < Gateway
+      cattr_accessor :simulate
+      self.simulate = false
+
+      class_attribute :simulator_url
+
+      self.test_url = 'https://test.sagepay.com/gateway/service'
+      self.live_url = 'https://live.sagepay.com/gateway/service'
+      self.simulator_url = 'https://test.sagepay.com/Simulator'
+
+      APPROVED = 'OK'
+
+      TRANSACTIONS = {
+        :purchase => 'PAYMENT',
+        :credit => 'REFUND',
+        :authorization => 'DEFERRED',
+        :capture => 'RELEASE',
+        :void => 'VOID',
+        :abort => 'ABORT',
+        :store => 'TOKEN',
+        :unstore => 'REMOVETOKEN',
+        :repeat => 'REPEAT'
+      }
+
+      CREDIT_CARDS = {
+        :visa => 'VISA',
+        :master => 'MC',
+        :delta => 'DELTA',
+        :maestro => 'MAESTRO',
+        :american_express => 'AMEX',
+        :electron => 'UKE',
+        :diners_club => 'DC',
+        :jcb => 'JCB'
+      }
+
+      AVS_CODE = {
+        'NOTPROVIDED' => nil,
+        'NOTCHECKED' => 'X',
+        'MATCHED' => 'Y',
+        'NOTMATCHED' => 'N'
+      }
+
+      CVV_CODE = {
+        'NOTPROVIDED' => 'S',
+        'NOTCHECKED' => 'X',
+        'MATCHED' => 'M',
+        'NOTMATCHED' => 'N'
+      }
+
+      OPTIONAL_REQUEST_FIELDS = {
+        paypal_callback_url: :PayPalCallbackURL,
+        basket: :Basket,
+        gift_aid_payment: :GiftAidPayment,
+        apply_avscv2: :ApplyAVSCV2,
+        apply_3d_secure: :Apply3DSecure,
+        account_type: :AccountType,
+        billing_agreement: :BillingAgreement,
+        basket_xml: :BasketXML,
+        customer_xml: :CustomerXML,
+        surcharge_xml: :SurchargeXML,
+        vendor_data: :VendorData,
+        language: :Language,
+        website: :Website,
+        recipient_account_number: :FIRecipientAcctNumber,
+        recipient_surname: :FIRecipientSurname,
+        recipient_postcode: :FIRecipientPostcode,
+        recipient_dob: :FIRecipientDoB
+      }
+
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover, :jcb, :maestro, :diners_club]
+      self.supported_countries = ['GB', 'IE']
+      self.default_currency = 'GBP'
+
+      self.homepage_url = 'http://www.sagepay.com'
+      self.display_name = 'SagePay'
+
+      def initialize(options = {})
+        requires!(options, :login)
+        super
+      end
+
+      def purchase(money, payment_method, options = {})
+        requires!(options, :order_id)
+
+        post = {}
+
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_payment_method(post, payment_method, options)
+        add_address(post, options)
+        add_customer_data(post, options)
+        add_optional_data(post, options)
+
+        commit((past_purchase_reference?(payment_method) ? :repeat : :purchase), post)
+      end
+
+      def authorize(money, payment_method, options = {})
+        requires!(options, :order_id)
+
+        post = {}
+
+        add_amount(post, money, options)
+        add_invoice(post, options)
+        add_payment_method(post, payment_method, options)
+        add_address(post, options)
+        add_customer_data(post, options)
+        add_optional_data(post, options)
+
+        commit(:authorization, post)
+      end
+
+      # You can only capture a transaction once, even if you didn't capture the full amount the first time.
+      def capture(money, identification, options = {})
+        post = {}
+
+        add_reference(post, identification)
+        add_release_amount(post, money, options)
+
+        commit(:capture, post)
+      end
+
+      def void(identification, options = {})
+        post = {}
+
+        add_reference(post, identification)
+        action = abort_or_void_from(identification)
+
+        commit(action, post)
+      end
+
+      # Refunding requires a new order_id to passed in, as well as a description
+      def refund(money, identification, options = {})
+        requires!(options, :order_id, :description)
+
+        post = {}
+
+        add_related_reference(post, identification)
+        add_amount(post, money, options)
+        add_invoice(post, options)
+
+        commit(:credit, post)
+      end
+
+      def credit(money, identification, options = {})
+        ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+        refund(money, identification, options)
+      end
+
+      def store(credit_card, options = {})
+        post = {}
+        add_credit_card(post, credit_card)
+        add_currency(post, 0, options)
+
+        commit(:store, post)
+      end
+
+      def unstore(token, options = {})
+        post = {}
+        add_token(post, token)
+        commit(:unstore, post)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((&?CardNumber=)\d+(&?)), '\1[FILTERED]\2').
+          gsub(%r((&?CV2=)\d+(&?)), '\1[FILTERED]\2')
+      end
+
+      private
+
+      def truncate(value, max_size)
+        return nil unless value
+        return value.to_s if CGI.escape(value.to_s).length <= max_size
+
+        if value.size > max_size
+          truncate(super(value, max_size), max_size)
+        else
+          truncate(value.to_s.chop, max_size)
+        end
+      end
+
+      def add_reference(post, identification)
+        order_id, transaction_id, authorization, security_key = identification.split(';')
+
+        add_pair(post, :VendorTxCode, order_id)
+        add_pair(post, :VPSTxId, transaction_id)
+        add_pair(post, :TxAuthNo, authorization)
+        add_pair(post, :SecurityKey, security_key)
+      end
+
+      def add_related_reference(post, identification)
+        order_id, transaction_id, authorization, security_key = identification.split(';')
+
+        add_pair(post, :RelatedVendorTxCode, order_id)
+        add_pair(post, :RelatedVPSTxId, transaction_id)
+        add_pair(post, :RelatedTxAuthNo, authorization)
+        add_pair(post, :RelatedSecurityKey, security_key)
+      end
+
+      def add_amount(post, money, options)
+        currency = options[:currency] || currency(money)
+        add_pair(post, :Amount, localized_amount(money, currency), :required => true)
+        add_pair(post, :Currency, currency, :required => true)
+      end
+
+      def add_currency(post, money, options)
+        currency = options[:currency] || currency(money)
+        add_pair(post, :Currency, currency, :required => true)
+      end
+
+      # doesn't actually use the currency -- dodgy!
+      def add_release_amount(post, money, options)
+        add_pair(post, :ReleaseAmount, amount(money), :required => true)
+      end
+
+      def add_customer_data(post, options)
+        add_pair(post, :CustomerEMail, truncate(options[:email], 255)) unless options[:email].blank?
+        add_pair(post, :ClientIPAddress, options[:ip])
+      end
+
+      def add_optional_data(post, options)
+        add_pair(post, :CreateToken, 1) unless options[:store].blank?
+
+        OPTIONAL_REQUEST_FIELDS.each do |gateway_option, sagepay_field|
+          add_pair(post, sagepay_field, options[gateway_option])
+        end
+      end
+
+      def add_address(post, options)
+        if billing_address = options[:billing_address] || options[:address]
+          first_name, last_name = split_names(billing_address[:name])
+          add_pair(post, :BillingSurname, truncate(last_name, 20))
+          add_pair(post, :BillingFirstnames, truncate(first_name, 20))
+          add_pair(post, :BillingAddress1, truncate(billing_address[:address1], 100))
+          add_pair(post, :BillingAddress2, truncate(billing_address[:address2], 100))
+          add_pair(post, :BillingCity, truncate(billing_address[:city], 40))
+          add_pair(post, :BillingState, truncate(billing_address[:state], 2)) if is_usa(billing_address[:country])
+          add_pair(post, :BillingCountry, truncate(billing_address[:country], 2))
+          add_pair(post, :BillingPhone, sanitize_phone(billing_address[:phone]))
+          add_pair(post, :BillingPostCode, truncate(billing_address[:zip], 10))
+        end
+
+        if shipping_address = options[:shipping_address] || billing_address
+          first_name, last_name = split_names(shipping_address[:name])
+          add_pair(post, :DeliverySurname, truncate(last_name, 20))
+          add_pair(post, :DeliveryFirstnames, truncate(first_name, 20))
+          add_pair(post, :DeliveryAddress1, truncate(shipping_address[:address1], 100))
+          add_pair(post, :DeliveryAddress2, truncate(shipping_address[:address2], 100))
+          add_pair(post, :DeliveryCity, truncate(shipping_address[:city], 40))
+          add_pair(post, :DeliveryState, truncate(shipping_address[:state], 2)) if is_usa(shipping_address[:country])
+          add_pair(post, :DeliveryCountry, truncate(shipping_address[:country], 2))
+          add_pair(post, :DeliveryPhone, sanitize_phone(shipping_address[:phone]))
+          add_pair(post, :DeliveryPostCode, truncate(shipping_address[:zip], 10))
+        end
+      end
+
+      def add_invoice(post, options)
+        add_pair(post, :VendorTxCode, sanitize_order_id(options[:order_id]), :required => true)
+        add_pair(post, :Description, truncate(options[:description] || options[:order_id], 100))
+      end
+
+      def add_payment_method(post, payment_method, options)
+        if payment_method.is_a?(String)
+          if past_purchase_reference?(payment_method)
+            add_related_reference(post, payment_method)
+          else
+            add_token_details(post, payment_method, options)
+          end
+        else
+          add_credit_card(post, payment_method)
+        end
+      end
+
+      def add_credit_card(post, credit_card)
+        add_pair(post, :CardHolder, truncate(credit_card.name, 50), :required => true)
+        add_pair(post, :CardNumber, credit_card.number, :required => true)
+
+        add_pair(post, :ExpiryDate, format_date(credit_card.month, credit_card.year), :required => true)
+        add_pair(post, :CardType, map_card_type(credit_card))
+
+        add_pair(post, :CV2, credit_card.verification_value)
+      end
+
+      def add_token_details(post, token, options)
+        add_token(post, token)
+        add_pair(post, :StoreToken, options[:customer])
+        add_pair(post, :CV2, options[:verification_value])
+      end
+
+      def add_token(post, token)
+        add_pair(post, :Token, token)
+      end
+
+      def sanitize_order_id(order_id)
+        cleansed = order_id.to_s.gsub(/[^-a-zA-Z0-9._]/, '')
+        truncate(cleansed, 40)
+      end
+
+      def sanitize_phone(phone)
+        return nil unless phone
+        cleansed = phone.to_s.gsub(/[^0-9+]/, '')
+        truncate(cleansed, 20)
+      end
+
+      def is_usa(country)
+        truncate(country, 2) == 'US'
+      end
+
+      def map_card_type(credit_card)
+        raise ArgumentError, 'The credit card type must be provided' if card_brand(credit_card).blank?
+
+        card_type = card_brand(credit_card).to_sym
+
+        if card_type == :visa && credit_card.electron?
+          CREDIT_CARDS[:electron]
+        else
+          CREDIT_CARDS[card_type]
+        end
+      end
+
+      # MMYY format
+      def format_date(month, year)
+        return nil if year.blank? || month.blank?
+
+        year  = sprintf('%.4i', year)
+        month = sprintf('%.2i', month)
+
+        "#{month}#{year[-2..-1]}"
+      end
+
+      def commit(action, parameters)
+        response = parse(ssl_post(url_for(action), post_data(action, parameters)))
+
+        Response.new(response['Status'] == APPROVED, message_from(response), response,
+          :test => test?,
+          :authorization => authorization_from(response, parameters, action),
+          :avs_result => {
+            :street_match => AVS_CODE[response['AddressResult']],
+            :postal_match => AVS_CODE[response['PostCodeResult']],
+          },
+          :cvv_result => CVV_CODE[response['CV2Result']]
+        )
+      end
+
+      def authorization_from(response, params, action)
+        case action
+        when :store
+          response['Token']
+        else
+          [ params[:VendorTxCode],
+            response['VPSTxId'] || params[:VPSTxId],
+            response['TxAuthNo'],
+            response['SecurityKey'] || params[:SecurityKey],
+            action ].join(';')
+        end
+      end
+
+      def abort_or_void_from(identification)
+        original_transaction = identification.split(';').last
+        original_transaction == 'authorization' ? :abort : :void
+      end
+
+      def url_for(action)
+        simulate ? build_simulator_url(action) : build_url(action)
+      end
+
+      def build_url(action)
+        endpoint = case action
+        when :purchase, :authorization then 'vspdirect-register'
+        when :store then 'directtoken'
+        else TRANSACTIONS[action].downcase
+        end
+        "#{test? ? self.test_url : self.live_url}/#{endpoint}.vsp"
+      end
+
+      def build_simulator_url(action)
+        endpoint = [ :purchase, :authorization ].include?(action) ? 'VSPDirectGateway.asp' : "VSPServerGateway.asp?Service=Vendor#{TRANSACTIONS[action].capitalize}Tx"
+        "#{self.simulator_url}/#{endpoint}"
+      end
+
+      def message_from(response)
+        response['Status'] == APPROVED ? 'Success' : (response['StatusDetail'] || 'Unspecified error')    # simonr 20080207 can't actually get non-nil blanks, so this is shorter
+      end
+
+      def post_data(action, parameters = {})
+        parameters.update(
+          :Vendor => @options[:login],
+          :TxType => TRANSACTIONS[action],
+          :VPSProtocol => @options.fetch(:protocol_version, '3.00')
+        )
+
+        if(application_id && (application_id != Gateway.application_id))
+          parameters.update(:ReferrerID => application_id)
+        end
+
+        parameters.collect { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
+      end
+
+      # SagePay returns data in the following format
+      # Key1=value1
+      # Key2=value2
+      def parse(body)
+        result = {}
+        body.to_s.each_line do |pair|
+          result[$1] = $2 if pair.strip =~ /\A([^=]+)=(.+)\Z/im
+        end
+        result
+      end
+
+      def add_pair(post, key, value, options = {})
+        post[key] = value if !value.blank? || options[:required]
+      end
+
+      def past_purchase_reference?(payment_method)
+        return false unless payment_method.is_a?(String)
+        payment_method.split(';').last == 'purchase'
+      end
+    end
+  end
+end